From c250c947ce0103e330591c85f546304eda2619b1 Mon Sep 17 00:00:00 2001 From: Zhang Xiao Date: Tue, 1 Mar 2016 18:01:41 +0800 Subject: [PATCH 4/4] openssl: bug fix for CVE-2016-0800 --- Disable EXPORT and LOW SSLv3+ ciphers by default --- Add a test for SSLv2 configuration SSLv2 should be off by default. You can only turn it on if you have called SSL_CTX_clear_options(SSL_OP_NO_SSLv2) or SSL_clear_options(SSL_OP_NO_SSLv2). You should not be able to inadvertantly turn it on again via SSL_CONF without having done that first. --- Bring SSL method documentation up to date --- Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 is by default disabled at build-time. Builds that are not configured with "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Signed-off-by: Zhang Xiao --- Configure | 8 +- doc/apps/ciphers.pod | 59 ++++++++------ doc/apps/s_client.pod | 12 +-- doc/apps/s_server.pod | 8 +- doc/ssl/SSL_CONF_cmd.pod | 33 ++++---- doc/ssl/SSL_CTX_new.pod | 168 ++++++++++++++++++++++++++++------------ doc/ssl/SSL_CTX_set_options.pod | 10 +++ doc/ssl/ssl.pod | 77 ++++++++++++++---- ssl/Makefile | 2 +- ssl/s2_lib.c | 6 ++ ssl/s3_lib.c | 54 +++++++++++++ ssl/ssl_conf.c | 10 ++- ssl/ssl_lib.c | 7 ++ test/Makefile | 36 ++++++++- 14 files changed, 363 insertions(+), 127 deletions(-) diff --git a/Configure b/Configure index b1efa61..c16bcea 100755 --- a/Configure +++ b/Configure @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -847,11 +851,13 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "md2" => "default", "rc5" => "default", "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", "ssl-trace" => "default", + "ssl2" => "default", "store" => "experimental", "unit-test" => "default", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 1c26e3b..9643b4d 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1. Like B<-v>, but include cipher suite codes in output (hex format). -=item B<-ssl3> +=item B<-ssl3>, B<-tls1> -only include SSL v3 ciphers. +This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2. =item B<-ssl2> -only include SSL v2 ciphers. - -=item B<-tls1> - -only include TLS v1 ciphers. +Only include SSLv2 ciphers. =item B<-h>, B<-?> -print a brief usage message. +Print a brief usage message. =item B -a cipher list to convert to a cipher preference list. If it is not included +A cipher list to convert to a cipher preference list. If it is not included then the default cipher list will be used. The format is described below. =back @@ -109,9 +105,10 @@ The following is a list of all permitted cipher strings and their meanings. =item B -the default cipher list. This is determined at compile time and -is normally B. This must be the firstcipher string -specified. +The default cipher list. +This is determined at compile time and is normally +B. +When used, this must be the first cipherstring specified. =item B @@ -139,34 +136,46 @@ than 128 bits, and some cipher suites with 128-bit keys. =item B -"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. +Low strength encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. +As of OpenSSL 1.0.2g, these are disabled in default builds. =item B, B -export encryption algorithms. Including 40 and 56 bits algorithms. +Export strength encryption algorithms. Including 40 and 56 bits algorithms. +As of OpenSSL 1.0.2g, these are disabled in default builds. =item B -40 bit export encryption algorithms +40-bit export encryption algorithms +As of OpenSSL 1.0.2g, these are disabled in default builds. =item B -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of +56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of 56 bit export ciphers is empty unless OpenSSL has been explicitly configured with support for experimental ciphers. +As of OpenSSL 1.0.2g, these are disabled in default builds. =item B, B -the "NULL" ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. +The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +B or B cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B -the cipher suites offering no authentication. This is currently the anonymous +The cipher suites offering no authentication. This is currently the anonymous DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable to a "man in the middle" attack and so their use is normally discouraged. +These are excluded from the B ciphers, but included in the B +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +B or B as these do overlap with the B ciphers. +When in doubt, include B in your cipherlist. =item B, B @@ -582,11 +591,11 @@ Note: these ciphers can also be used in SSL v3. =head2 Deprecated SSL v2.0 cipher suites. SSL_CK_RC4_128_WITH_MD5 RC4-MD5 - SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 + SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented. + SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5 + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented. SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 - SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 + SSL_CK_DES_64_CBC_WITH_MD5 Not implemented. SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 =head1 NOTES diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 84d0527..618df96 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -201,15 +201,11 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -these options disable the use of certain SSL or TLS protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. - -Unfortunately there are still ancient and broken servers in use which -cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off. +These options require or disable the use of the specified SSL or TLS protocols. +By default the initial handshake uses a I method which will +negotiate the highest mutually supported protocol version. =item B<-fallback_scsv> diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index baca779..6f4acb7 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -217,11 +217,11 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -these options disable the use of certain SSL or TLS protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +These options require or disable the use of the specified SSL or TLS protocols. +By default the initial handshake uses a I method which will +negotiate the highest mutually supported protocol version. =item B<-bugs> diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 2bf1a60..e81d76a 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -74,7 +74,7 @@ B). Curve names are case sensitive. =item B<-named_curve> -This sets the temporary curve used for ephemeral ECDH modes. Only used by +This sets the temporary curve used for ephemeral ECDH modes. Only used by servers The B argument is a curve name or the special value B which @@ -85,7 +85,7 @@ can be either the B name (e.g. B) or an OpenSSL OID name =item B<-cipher> Sets the cipher suite list to B. Note: syntax checking of B is -currently not performed unless a B or B structure is +currently not performed unless a B or B structure is associated with B. =item B<-cert> @@ -111,9 +111,9 @@ operations are permitted. =item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 -by setting the corresponding options B, B, -B, B and B respectively. +Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 +by setting the corresponding options B, B, +B, B and B respectively. =item B<-bugs> @@ -177,7 +177,7 @@ Note: the command prefix (if set) alters the recognised B values. =item B Sets the cipher suite list to B. Note: syntax checking of B is -currently not performed unless an B or B structure is +currently not performed unless an B or B structure is associated with B. =item B @@ -244,7 +244,7 @@ B). Curve names are case sensitive. =item B -This sets the temporary curve used for ephemeral ECDH modes. Only used by +This sets the temporary curve used for ephemeral ECDH modes. Only used by servers The B argument is a curve name or the special value B which @@ -258,10 +258,11 @@ The supported versions of the SSL or TLS protocol. The B argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. -All versions are enabled by default, though applications may choose to -explicitly disable some. Currently supported protocol values are B, -B, B, B and B. The special value B refers -to all supported versions. +Currently supported protocol values are B, B, B, +B and B. +All protocol versions other than B are enabled by default. +To avoid inadvertent enabling of B, when SSLv2 is disabled, it is not +possible to enable it via the B command. =item B @@ -339,16 +340,16 @@ The value is a directory name. The order of operations is significant. This can be used to set either defaults or values which cannot be overridden. For example if an application calls: - SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); SSL_CONF_cmd(ctx, userparam, uservalue); -it will disable SSLv2 support by default but the user can override it. If +it will disable SSLv3 support by default but the user can override it. If however the call sequence is: SSL_CONF_cmd(ctx, userparam, uservalue); - SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); + SSL_CONF_cmd(ctx, "Protocol", "-SSLv3"); -SSLv2 is B disabled and attempt to override this by the user are +then SSLv3 is B disabled and attempt to override this by the user are ignored. By checking the return code of SSL_CTX_cmd() it is possible to query if a @@ -372,7 +373,7 @@ can be checked instead. If -3 is returned a required argument is missing and an error is indicated. If 0 is returned some other error occurred and this can be reported back to the user. -The function SSL_CONF_cmd_value_type() can be used by applications to +The function SSL_CONF_cmd_value_type() can be used by applications to check for the existence of a command or to perform additional syntax checking or translation of the command value. For example if the return value is B an application could translate a relative diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 491ac8c..b8cc879 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -2,13 +2,55 @@ =head1 NAME -SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, +SSLv23_method, SSLv23_server_method, SSLv23_client_method, +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, +TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, +TLSv1_method, TLSv1_server_method, TLSv1_client_method, +SSLv3_method, SSLv3_server_method, SSLv3_client_method, +SSLv2_method, SSLv2_server_method, SSLv2_client_method, +DTLS_method, DTLS_server_method, DTLS_client_method, +DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method, +DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method - +create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS #include SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); + const SSL_METHOD *SSLv23_method(void); + const SSL_METHOD *SSLv23_server_method(void); + const SSL_METHOD *SSLv23_client_method(void); + const SSL_METHOD *TLSv1_2_method(void); + const SSL_METHOD *TLSv1_2_server_method(void); + const SSL_METHOD *TLSv1_2_client_method(void); + const SSL_METHOD *TLSv1_1_method(void); + const SSL_METHOD *TLSv1_1_server_method(void); + const SSL_METHOD *TLSv1_1_client_method(void); + const SSL_METHOD *TLSv1_method(void); + const SSL_METHOD *TLSv1_server_method(void); + const SSL_METHOD *TLSv1_client_method(void); + #ifndef OPENSSL_NO_SSL3_METHOD + const SSL_METHOD *SSLv3_method(void); + const SSL_METHOD *SSLv3_server_method(void); + const SSL_METHOD *SSLv3_client_method(void); + #endif + #ifndef OPENSSL_NO_SSL2 + const SSL_METHOD *SSLv2_method(void); + const SSL_METHOD *SSLv2_server_method(void); + const SSL_METHOD *SSLv2_client_method(void); + #endif + + const SSL_METHOD *DTLS_method(void); + const SSL_METHOD *DTLS_server_method(void); + const SSL_METHOD *DTLS_client_method(void); + const SSL_METHOD *DTLSv1_2_method(void); + const SSL_METHOD *DTLSv1_2_server_method(void); + const SSL_METHOD *DTLSv1_2_client_method(void); + const SSL_METHOD *DTLSv1_method(void); + const SSL_METHOD *DTLSv1_server_method(void); + const SSL_METHOD *DTLSv1_client_method(void); =head1 DESCRIPTION @@ -23,65 +65,88 @@ client only type. B can be of the following types: =over 4 -=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) +=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method() + +These are the general-purpose I SSL/TLS methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2. +Most applications should use these method, and avoid the version specific +methods described below. + +The list of protocols available can be further limited using the +B, B, B, +B and B options of the +L or L functions. +Clients should avoid creating "holes" in the set of protocols they support, +when disabling a protocol, make sure that you also disable either all previous +or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling I +previous protocol versions, the effect is to also disable all subsequent +protocol versions. + +The SSLv2 and SSLv3 protocols are deprecated and should generally not be used. +Applications should typically use L in combination with +the B flag to disable negotiation of SSLv3 via the above +I SSL/TLS methods. +The B option is set by default, and would need to be cleared +via L in order to enable negotiation of SSLv2. + +=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method() -A TLS/SSL connection established with these methods will only understand -the SSLv2 protocol. A client will send out SSLv2 client hello messages -and will also indicate that it only understand SSLv2. A server will only -understand SSLv2 client hello messages. +A TLS/SSL connection established with these methods will only understand the +TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and +will also indicate that it only understand TLSv1.2. A server will only +understand TLSv1.2 client hello messages. -=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) +=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method() A TLS/SSL connection established with these methods will only understand the -SSLv3 protocol. A client will send out SSLv3 client hello messages -and will indicate that it only understands SSLv3. A server will only understand -SSLv3 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). +TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and +will also indicate that it only understand TLSv1.1. A server will only +understand TLSv1.1 client hello messages. -=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) +=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method() A TLS/SSL connection established with these methods will only understand the -TLSv1 protocol. A client will send out TLSv1 client hello messages -and will indicate that it only understands TLSv1. A server will only understand -TLSv1 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). It will also not understand -SSLv3 client hello messages. - -=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) - -A TLS/SSL connection established with these methods may understand the SSLv2, -SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. - -If the cipher list does not contain any SSLv2 ciphersuites (the default -cipher list does not) or extensions are required (for example server name) -a client will send out TLSv1 client hello messages including extensions and -will indicate that it also understands TLSv1.1, TLSv1.2 and permits a -fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 -protocols. This is the best choice when compatibility is a concern. - -If any SSLv2 ciphersuites are included in the cipher list and no extensions -are required then SSLv2 compatible client hellos will be used by clients and -SSLv2 will be accepted by servers. This is B recommended due to the -insecurity of SSLv2 and the limited nature of the SSLv2 client hello -prohibiting the use of extensions. +TLSv1 protocol. A client will send out TLSv1 client hello messages and will +indicate that it only understands TLSv1. A server will only understand TLSv1 +client hello messages. -=back +=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method() + +A TLS/SSL connection established with these methods will only understand the +SSLv3 protocol. A client will send out SSLv3 client hello messages and will +indicate that it only understands SSLv3. A server will only understand SSLv3 +client hello messages. The SSLv3 protocol is deprecated and should not be +used. + +=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method() + +A TLS/SSL connection established with these methods will only understand the +SSLv2 protocol. A client will send out SSLv2 client hello messages and will +also indicate that it only understand SSLv2. A server will only understand +SSLv2 client hello messages. The SSLv2 protocol offers little to no security +and should not be used. +As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available +with SSLv2. -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, -SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 -options of the SSL_CTX_set_options() or SSL_set_options() functions. -Using these options it is possible to choose e.g. SSLv23_server_method() and -be able to negotiate with all possible clients, but to only allow newer -protocols like TLSv1, TLSv1.1 or TLS v1.2. +=item DTLS_method(), DTLS_server_method(), DTLS_client_method() -Applications which never want to support SSLv2 (even is the cipher string -is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. +These are the version-flexible DTLS methods. + +=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method() + +These are the version-specific methods for DTLSv1.2. + +=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method() + +These are the version-specific methods for DTLSv1. + +=back -SSL_CTX_new() initializes the list of ciphers, the session cache setting, -the callbacks, the keys and certificates and the options to its default -values. +SSL_CTX_new() initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to its default values. =head1 RETURN VALUES @@ -91,8 +156,8 @@ The following return values can occur: =item NULL -The creation of a new SSL_CTX object failed. Check the error stack to -find out the reason. +The creation of a new SSL_CTX object failed. Check the error stack to find out +the reason. =item Pointer to an SSL_CTX object @@ -102,6 +167,7 @@ The return value points to an allocated SSL_CTX object. =head1 SEE ALSO +L, L, L, L, L, L, L diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index e80a72c..9a7e98c 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -189,15 +189,25 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NO_SSLv2 Do not use the SSLv2 protocol. +As of OpenSSL 1.0.2g the B option is set by default. =item SSL_OP_NO_SSLv3 Do not use the SSLv3 protocol. +It is recommended that applications should set this option. =item SSL_OP_NO_TLSv1 Do not use the TLSv1 protocol. +=item SSL_OP_NO_TLSv1_1 + +Do not use the TLSv1.1 protocol. + +=item SSL_OP_NO_TLSv1_2 + +Do not use the TLSv1.2 protocol. + =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION When performing renegotiation as a server, always start a new session diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 242087e..70cca17 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -130,41 +130,86 @@ protocol methods defined in B structures. =over 4 -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. +Constructor for the I SSL_METHOD structure for +clients, servers or both. +See L for details. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. +Constructor for the I SSL_METHOD structure for +clients. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. +Constructor for the I SSL_METHOD structure for +servers. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. +Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers +or both. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for a dedicated server. +Constructor for the TLSv1.2 SSL_METHOD structure for clients. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.2 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); -Constructor for the SSLv3 SSL_METHOD structure for combined client and server. +Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.1 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1.1 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); + +Constructor for the TLSv1 SSL_METHOD structure for clients, servers +or both. =item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for a dedicated client. +Constructor for the TLSv1 SSL_METHOD structure for clients. =item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for a dedicated server. +Constructor for the TLSv1 SSL_METHOD structure for servers. -=item const SSL_METHOD *B(void); +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv3 SSL_METHOD structure for servers. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv2 SSL_METHOD structure for clients, servers +or both. + +=item const SSL_METHOD *B(void); + +Constructor for the SSLv2 SSL_METHOD structure for clients. + +=item const SSL_METHOD *B(void); -Constructor for the TLSv1 SSL_METHOD structure for combined client and server. +Constructor for the SSLv2 SSL_METHOD structure for servers. =back diff --git a/ssl/Makefile b/ssl/Makefile index e75cbc2..6882037 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -15,7 +15,7 @@ KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) GENERAL=Makefile README ssl-lib.com install.com -TEST=ssltest.c heartbeat_test.c +TEST=ssltest.c heartbeat_test.c sslv2conftest.c APPS= LIB=$(TOP)/libssl.a diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index d55b93f..a8036b3 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 128, }, +# if 0 /* RC4_128_EXPORT40_WITH_MD5 */ { 1, @@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 40, 128, }, +# endif /* RC2_128_CBC_WITH_MD5 */ { @@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 128, }, +# if 0 /* RC2_128_CBC_EXPORT40_WITH_MD5 */ { 1, @@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 40, 128, }, +# endif # ifndef OPENSSL_NO_IDEA /* IDEA_128_CBC_WITH_MD5 */ @@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { }, # endif +# if 0 /* DES_64_CBC_WITH_MD5 */ { 1, @@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = { 56, 56, }, +# endif /* DES_192_EDE3_CBC_WITH_MD5 */ { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 28f645b..95fd956 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -198,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 03 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC4_40_MD5, @@ -212,6 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 04 */ { @@ -246,6 +248,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 06 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_RC2_40_MD5, @@ -260,6 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA @@ -280,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #endif /* Cipher 08 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_40_CBC_SHA, @@ -294,8 +299,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 09 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_RSA_DES_64_CBC_SHA, @@ -310,6 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 0A */ { @@ -329,6 +337,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The DH ciphers */ /* Cipher 0B */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, @@ -343,8 +352,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 0C */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_DH_DSS_DES_64_CBC_SHA, @@ -359,6 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 0D */ { @@ -377,6 +389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 0E */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, @@ -391,8 +404,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 0F */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_DH_RSA_DES_64_CBC_SHA, @@ -407,6 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 10 */ { @@ -426,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The Ephemeral DH ciphers */ /* Cipher 11 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, @@ -440,8 +457,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 12 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, @@ -456,6 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 13 */ { @@ -474,6 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 14 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, @@ -488,8 +509,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +#endif /* Cipher 15 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, @@ -504,6 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 16 */ { @@ -522,6 +546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 17 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_RC4_40_MD5, @@ -536,6 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 18 */ { @@ -554,6 +580,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 19 */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_40_CBC_SHA, @@ -568,8 +595,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +#endif /* Cipher 1A */ +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_ADH_DES_64_CBC_SHA, @@ -584,6 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +#endif /* Cipher 1B */ { @@ -655,6 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers*/ /* Cipher 1E */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_SHA, @@ -669,6 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 1F */ { @@ -719,6 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 22 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_64_CBC_MD5, @@ -733,6 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 23 */ { @@ -783,6 +817,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { }, /* Cipher 26 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_SHA, @@ -797,8 +832,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +# endif /* Cipher 27 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_SHA, @@ -813,8 +850,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 28 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_SHA, @@ -829,8 +868,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 29 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_DES_40_CBC_MD5, @@ -845,8 +886,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 56, }, +# endif /* Cipher 2A */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC2_40_CBC_MD5, @@ -861,8 +904,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif /* Cipher 2B */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, SSL3_TXT_KRB5_RC4_40_MD5, @@ -877,6 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 40, 128, }, +# endif #endif /* OPENSSL_NO_KRB5 */ /* New AES ciphersuites */ @@ -1300,6 +1346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { # endif /* Cipher 62 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, @@ -1314,8 +1361,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 63 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, @@ -1330,8 +1379,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 56, }, +# endif /* Cipher 64 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, @@ -1346,8 +1397,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 128, }, +# endif /* Cipher 65 */ +# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS { 1, TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, @@ -1362,6 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 56, 128, }, +# endif /* Cipher 66 */ { diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 5478840..8d3709d 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -330,11 +330,19 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2) }; + int ret; + int sslv2off; + if (!(cctx->flags & SSL_CONF_FLAG_FILE)) return -2; cctx->tbl = ssl_protocol_list; cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl); - return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); + + sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2; + ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); + /* Never turn on SSLv2 through configuration */ + *cctx->poptions |= sslv2off; + return ret; } static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c0931e7..771385b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2052,6 +2052,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + /* + * Disable SSLv2 by default, callers that want to enable SSLv2 will have to + * explicitly clear this option via either of SSL_CTX_clear_options() or + * SSL_clear_options(). + */ + ret->options |= SSL_OP_NO_SSLv2; + return (ret); err: SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); diff --git a/test/Makefile b/test/Makefile index 5291737..e653ba6 100644 --- a/test/Makefile +++ b/test/Makefile @@ -69,6 +69,7 @@ ASN1TEST= asn1test HEARTBEATTEST= heartbeat_test CONSTTIMETEST= constant_time_test VERIFYEXTRATEST= verify_extra_test +SSLV2CONFTEST = sslv2conftest TESTS= alltests @@ -81,7 +82,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \ $(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \ - $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) + $(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -94,7 +95,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \ - $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o + $(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o $(SSLV2CONFTEST).o SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ @@ -104,7 +105,8 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \ - $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c + $(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \ + $(SSLV2CONFTEST).c EXHEADER= HEADER= testutil.h $(EXHEADER) @@ -148,7 +150,7 @@ all-tests= \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \ test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \ - test_constant_time test_verify_extra + test_constant_time test_verify_extra test_sslv2conftest alltests: @(for i in $(all-tests); do \ @@ -356,6 +358,10 @@ test_verify_extra: @echo $(START) $@ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST) +test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./$(SSLV2CONFTEST) + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -530,6 +536,9 @@ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o @target=$(VERIFYEXTRATEST) $(BUILD_CMD) +$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o + @target=$(SSLV2CONFTEST) $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -820,6 +829,25 @@ ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.o: ../include/openssl/x509v3.h ssltest.c +sslv2conftest.o: ../include/openssl/asn1.h ../include/openssl/bio.h +sslv2conftest.o: ../include/openssl/buffer.h ../include/openssl/comp.h +sslv2conftest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h +sslv2conftest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +sslv2conftest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +sslv2conftest.o: ../include/openssl/err.h ../include/openssl/evp.h +sslv2conftest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +sslv2conftest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +sslv2conftest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +sslv2conftest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +sslv2conftest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sslv2conftest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +sslv2conftest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sslv2conftest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +sslv2conftest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +sslv2conftest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +sslv2conftest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sslv2conftest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +sslv2conftest.o: sslv2conftest.c v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h v3nametest.o: ../include/openssl/buffer.h ../include/openssl/conf.h v3nametest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -- 1.9.1